I'm trying to set up two different websites with two different certificates on my Linode (Ubuntu 10.04 LTS). To do this on Tomcat, I need two different IP addresses. However, currently, all HTTP requests are going to the same IP address, even if you enter a different IP address in the browser:
http://178.79.152.69/test.jsp
http://176.58.107.88/test.jsp

Any idea how to troubleshoot? I'm a networking newbie, so don't even know at what point the HTTP request header would get the target IP address and name added to it, + have no idea where to start in trying to figure this out.

I've set up the two IP addresses in /etc/network/interfaces:

Code:

# The loopback interface
auto lo
iface lo inet loopback

# Configuration for eth0 and aliases

# This line ensures that the interface will be brought up during boot.
auto eth0 eth0:0
#iface eth0 inet dhcp

# eth0 - This is the main IP address that will be used for most outbound connections.
# The address, netmask and gateway are all necessary
iface eth0 inet static
    address 178.79.152.69
    netmask 255.255.255.0
    gateway 178.79.152.1
    pre-up iptables-restore < /etc/iptables.conf

No - that's precisely the problem. You get the same Local IP and Local Name in both cases:
Local IP:178.79.152.69
Local name:www.joli-ciel.com
Only the server name is different.

What should appear for 176.58.107.88 is:
<p>Java Version:1.6.0_22
<p>Local name:www.moyshele.com
<p>Server name:176.58.107.88
<p>Local IP:176.58.107.88

What does appear (exactly the same as for http://www.joli-ciel.com except for the Server Name):
<p>Java Version:1.6.0_22
<p>Local name:www.joli-ciel.com
<p>Server name:176.58.107.88
<p>Local IP:178.79.152.69

getLocalName and getLocalAddr do not do what you think they do. They look at the local machine, not where the request came to.

That's unfortunate, because that's what Tomcat uses to resolve the IP address when you tell the connector to do so. From v6.0.35 source code, org/apache/catalina/connector/CoyoteAdapter.java, line 489:

Code:

if (connector.getUseIPVHosts()) {
    serverName = req.localName();

However, when I dig deeper into the source code to where the request's local name is getting set in the first place, it's being set from socket.getLocalAddress(), on org/apache/catalina/http11/Http11Processor.java, line 1063.

So, my interpretation of this is that this is where the request came to, not just some check as to the local machine's IP and name. Otherwise, nobody would be able to get this solution working, which is, however, what is recommended by the Tomcat documentation.
http://tomcat.apache.org/tomcat-6.0-doc ... unning_SSL
"Finally, using name-based virtual hosts on a secured connection can be problematic."

Hmm. If you connect straight to port 8080 instead of 80, does it work as expected?

Using his links from the first post, yes. That means that the mapping ports via iptables is the culprit.

You're really not "supposed" to do it that way. You're "supposed" to use a "real" web server like Apache with mod_jk or nginx in front of Tomcat. And yes, that's all in quotes for a reason: Tomcat will work just fine by itself, but occasionally you end up with a scenario like this.

You might be able to get the iptables to work by having multiple rules for each IP (i.e., instead of routing all 443 traffic to 8443, separately route ip1.443 to ip1.8443 and ip2.443 to ip2.8443).
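
Added example, not written by any poster in this thread: a nat-table fragment for the /etc/iptables.conf that the interfaces file loads with `pre-up iptables-restore`, showing the per-IP mapping suggested above. It assumes the existing rules use the REDIRECT target (the thread does not show them), which rewrites the destination to the primary address of the incoming interface, so Tomcat's socket reports 178.79.152.69 as the local address for every connection.

```iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]

# Assumed current form (not shown in the thread), left commented out.
# REDIRECT replaces the destination IP with the primary address of eth0,
# so socket.getLocalAddress() in Tomcat always yields 178.79.152.69 and
# useIPVHosts cannot tell the two sites apart.
# -A PREROUTING -p tcp --dport 80  -j REDIRECT --to-ports 8080
# -A PREROUTING -p tcp --dport 443 -j REDIRECT --to-ports 8443

# Per-IP form: DNAT to the same address with only the port changed, so the
# destination IP the client chose is still the socket's local address.
-A PREROUTING -d 178.79.152.69/32 -p tcp --dport 80  -j DNAT --to-destination 178.79.152.69:8080
-A PREROUTING -d 178.79.152.69/32 -p tcp --dport 443 -j DNAT --to-destination 178.79.152.69:8443
-A PREROUTING -d 176.58.107.88/32 -p tcp --dport 80  -j DNAT --to-destination 176.58.107.88:8080
-A PREROUTING -d 176.58.107.88/32 -p tcp --dport 443 -j DNAT --to-destination 176.58.107.88:8443

# The filter table's INPUT chain sees these packets after translation,
# so it has to accept tcp ports 8080 and 8443, not 80 and 443.
COMMIT
```

After reloading, `iptables -t nat -L PREROUTING -n -v` shows per-rule packet counters, which confirms whether requests to 176.58.107.88 hit their own rules; test.jsp should then report that address as Local IP.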

Sorry about my previous post, I was off on how those functions work in the context.

That being said, I don't quite understand the IPTables OUTPUT rows. I would expect tomcat to be outputting on port 8443, and to be redirected to port 443, but the opposite is written above. But that's a question for another thread!